Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

2024-05-07 Thread Christopher Schultz
Joey, On 5/7/24 10:50, Joey Cochran wrote: Could this be the culprit? ${CATALINA_BASE}/conf/context.xml Possible, but the report was that every single request generates a new JSESSIONID, not that every session seems to have expired and needs to be re-initialized

Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

2024-05-07 Thread Joey Cochran
Could this be the culprit? ${CATALINA_BASE}/conf/context.xml From: Hamdan Khan Sent: Tuesday, May 7, 2024 9:09 AM To: users@tomcat.apache.org Subject: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even

RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

2024-05-07 Thread Hamdan Khan
Thank you Mark, We have har files when the server is in error state, it shows that the jsessionid is sent in request. *Is there a reverse proxy in the mix?* No. we directly access tomcat. *Are you using sessions at all* Yes, we are using the default tomcat session in debugger it says

Re: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

2024-05-07 Thread Mark Thomas
On 06/05/2024 11:05, Hamdan Khan wrote: Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts

After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

2024-05-06 Thread Hamdan Khan
Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts creating new session IDs for every request, even

Re: AW: JSessionId secure attribute not set if RemoteIpFilter with X-Forwarded-Proto https is used

2023-02-15 Thread Ivano Luberti
Hi Reto, fortunately I use RemoteIpValve but I would like to know, if you have time, what advantages there would be using RemoteIpFilter. TIA On 09/02/2023 08:50, Reto Weiss wrote: Hi Mark Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=66471 Regards Reto

AW: JSessionId secure attribute not set if RemoteIpFilter with X-Forwarded-Proto https is used

2023-02-08 Thread Reto Weiss
Hi Mark Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=66471 Regards Reto

Re: JSessionId secure attribute not set if RemoteIpFilter with X-Forwarded-Proto https is used

2023-02-08 Thread Mark Thomas
the JSESSIONID cookie I get back is missing the secure attribute. I have debugged the RemoteIpFilter the isSecure flag of the wrapper request it creates is correctly set to true. Unfortunately, the method getSession() or getSession(Boolean) is forwarded to the wrapped original request where the isSecure

JSessionId secure attribute not set if RemoteIpFilter with X-Forwarded-Proto https is used

2023-02-08 Thread Reto Weiss
Hi There I use Tomcat 9.0.68 and the org.apache.catalina.filters.RemoteIpFilter Filter behind a NGINX reverse proxy. On the NGINX I set the http header X-Forwarded-Proto to https. If I now make a request with a Browser to the reverse proxy the JSESSIONID cookie I get back is missing the secure

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

2021-01-29 Thread Tillmann Schulz
Hi Peter, >>Go to a site that does not use sessions (and tomcat) and it will have that >>entry. You are right, every site with no cookies causes the entry under cookies in chrome. So this issue is solved. Thank you Tillmann

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

2021-01-29 Thread Martin Grigorov
On Fri, Jan 29, 2021 at 12:03 PM Tillmann Schulz wrote: > Hi there, > > I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie. > It should be possible to completely deactivate the jsessionid cookie with > the following code: > > <%@ page session

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

2021-01-29 Thread logo
Hi Tillmann, On 2021-01-29 11:00, Tillmann Schulz wrote: Hi there, I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie. It should be possible to completely deactivate the jsessionid cookie with the following code: <%@ page session="false" %> If you do that

How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

2021-01-29 Thread Tillmann Schulz
Hi there, I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie. It should be possible to completely deactivate the jsessionid cookie with the following code: <%@ page session="false" %> If you do that and call the JSP, there is no entry under cookies in google

Re: Not able to make JSESSIONID cookie secure

2021-01-06 Thread Martin Grigorov
Hi Amit, On Wed, Jan 6, 2021 at 11:15 AM Amit Khosla wrote: > Hi, > > Thanks for the reply. > > We tried the settings on multiple machines. And found that the same > configuration machines gave different results. > We are getting multiple jsessionid cookies being created.

Re: Not able to make JSESSIONID cookie secure

2021-01-06 Thread Amit Khosla
Hi, Thanks for the reply. We tried the settings on multiple machines. And found that the same configuration machines gave different results. We are getting multiple jsessionid cookies being created. In our application, we have a multi tenant application. For each tenant we have an nginx running

Re: Not able to make JSESSIONID cookie secure

2021-01-04 Thread Christopher Schultz
Mark, On 1/4/21 03:17, Mark Thomas wrote: On 04/01/2021 06:02, Amit Khosla wrote: Hi, We are still facing this issue. Can someone please help us? In a clean 8.5.x install, session cookies are only marked as secure if the request that triggered the session creation is made over a secure

Re: Not able to make JSESSIONID cookie secure

2021-01-04 Thread Mark Thomas
n the changes did not reflect, we made changes in specific app as >> well. But we could not see the cookie as secure. >> >> We verified by the response headers seen in chrome developer tool. The >> cookie JSESSIONID does not have a secure flag. >> >> By the way, Ha

Re: Not able to make JSESSIONID cookie secure

2021-01-03 Thread Amit Khosla
well. But we could not see the cookie as secure. > > We verified by the response headers seen in chrome developer tool. The > cookie JSESSIONID does not have a secure flag. > > By the way, Happy New Year! > > On Thu, Dec 31, 2020 at 5:01 PM Darryl Lewis > wrote: > &

Re: Not able to make JSESSIONID cookie secure

2021-01-01 Thread Amit Khosla
Thanks for reply! We did changes in /conf/web.xml. But when the changes did not reflect, we made changes in specific app as well. But we could not see the cookie as secure. We verified by the response headers seen in chrome developer tool. The cookie JSESSIONID does not have a secure flag

Re: Not able to make JSESSIONID cookie secure

2020-12-31 Thread Darryl Lewis
31/12/20, 3:50 pm, "Amit Khosla" wrote: > > Hi Team, > > > > As we are looking forward for JSESSIONID to be secure. > > > > We made changes in web.xml in tomcat/conf > >

Re: Not able to make JSESSIONID cookie secure

2020-12-31 Thread Amit Khosla
mit Khosla" wrote: > > Hi Team, > > > > As we are looking forward for JSESSIONID to be secure. > > > > We made changes in web.xml in tomcat/conf > > > > > > true > > true > >

Re: Not able to make JSESSIONID cookie secure

2020-12-30 Thread Darryl Lewis
true true Restart the server. On 31/12/20, 3:50 pm, "Amit Khosla" wrote: Hi Team, As we are looking forward for JSESSIONID to be secure. We made changes in web.xml in tomcat/conf true

Not able to make JSESSIONID cookie secure

2020-12-30 Thread Amit Khosla
Hi Team, As we are looking forward for JSESSIONID to be secure. We made changes in web.xml in tomcat/conf true true But even after the changes, we are not able to get the JSESSIONID cookie as secure. We also tried changes in web.xml of our

RE: Setting samesite attribute on JSESSIONID

2019-10-13 Thread David Cleary
ile it goes in to add the samesite attribute to the JSESSIONID. > I'm assuming they want it globally for all webapps. >What have you tried already? To paraphrase Maxwell Smart, "Missed it by that much". Our shipping version is at 9.0.20, so the warnings about unknown

Re: Setting samesite attribute on JSESSIONID

2019-10-11 Thread Thad Humphries
goes in to add the samesite attribute to the JSESSIONID. I'm assuming > they want it globally for all webapps. > After Christopher Schultz pointed me in the right direction, I added the following line to $CATALINA_BASE/conf/context.xml This allowed my JAMstack app to set a JSESSIONID from a R

Re: Setting samesite attribute on JSESSIONID

2019-10-10 Thread Christopher Schultz
king for an XML fragment and > the file it goes in to add the samesite attribute to the > JSESSIONID. I'm assuming they want it globally for all webapps. What have you tried already? -chris

Setting samesite attribute on JSESSIONID

2019-10-10 Thread David Cleary
Have a customer asking about this. I see Tomcat supports it here. https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html We currently use defaults, so I'm looking for an XML fragment and the file it goes in to add the samesite attribute to the JSESSIONID. I'm assuming they want

Re: Tomcat 9 ;jsessionid

2018-04-27 Thread Greg Huber
@gmail.com] > Sent: Thursday, April 26, 2018 4:53 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Tomcat 9 ;jsessionid > > > Hello, > > > > One thing I have noticed with Tomcat 9.0.x I get a lot > > ;jsessionid=xxx appended to my urls. This did not

RE: Tomcat 9 ;jsessionid

2018-04-27 Thread Berneburg, Cris J. - US
Hi Greg -Original Message- From: Greg Huber [mailto:gregh3...@gmail.com] Sent: Thursday, April 26, 2018 4:53 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Tomcat 9 ;jsessionid > Hello, > > One thing I have noticed with Tomcat 9.0.x I get a lot > ;jsess

Re: Tomcat 9 ;jsessionid

2018-04-26 Thread Greg Huber
Chris, >As for your image URLs failing due to those path parameters... why are >they failing? Which component is generating those HTTP 500 responses? I did some more investigation and my app would not display the image with the ; http://www.myapp.co.uk/images/image_32x32.png;jses

Re: Tomcat 9 ;jsessionid

2018-04-26 Thread Christopher Schultz
Greg, On 4/26/18 4:53 AM, Greg Huber wrote: > Hello, > > One thing I have noticed with Tomcat 9.0.x I get a lot > ;jsessionid=xxx appended to my urls. This did not happen with > 8.5.x. > > /images/image

Re: Tomcat 9 ;jsessionid

2018-04-26 Thread Mark Thomas
On 26/04/18 09:53, Greg Huber wrote: > Hello, > > One thing I have noticed with Tomcat 9.0.x I get a lot ;jsessionid=xxx > appended to my urls. This did not happen with 8.5.x. > > /images/image_32x32.png;jsessionid=BF27C604B287CCF6DF3DBDB180C2CBEB > > 5

Tomcat 9 ;jsessionid

2018-04-26 Thread Greg Huber
Hello, One thing I have noticed with Tomcat 9.0.x I get a lot ;jsessionid=xxx appended to my urls. This did not happen with 8.5.x. /images/image_32x32.png;jsessionid=BF27C604B287CCF6DF3DBDB180C2CBEB 500 Internal Server Error /images/image_32x32.png;jsessionid= ... 23784378307846F: 1

Re: jsessionid path parameter: Is this compliant with the Servlet 3.0 spec?

2018-02-05 Thread Mark Thomas
On 05/02/2018 03:18, Dave Glasser wrote: > Thanks, that is pretty clear and unambiguous, as is "The name of > the parameter must be jsessionid." When the spec is in conflict with itself, > I'm happy to consider Tomcat the reference implementation. Technically, the RI is gl

Re: jsessionid path parameter: Is this compliant with the Servlet 3.0 spec?

2018-02-04 Thread Dave Glasser
Thanks, that is pretty clear and unambiguous, as is "The name of the parameter must be jsessionid." When the spec is in conflict with itself, I'm happy to consider Tomcat the reference implementation. The reason a session cookie name had to be specified in the first place was

Re: jsessionid path parameter: Is this compliant with the Servlet 3.0 spec?

2018-02-04 Thread Mark Thomas
On 03/02/18 21:55, Dave Glasser wrote: > This text is based on a stackoverflow question I posted earlier today: > https://stackoverflow.com/questions/48600576/jsessionid-as-path-parameter-not-working-in-tomcat/48602272 > > > I'm using Tomcat 7.0.84, and my web app uses the Servlet

jsessionid path parameter: Is this compliant with the Servlet 3.0 spec?

2018-02-03 Thread Dave Glasser
This text is based on a stackoverflow question I posted earlier today: https://stackoverflow.com/questions/48600576/jsessionid-as-path-parameter-not-working-in-tomcat/48602272 I'm using Tomcat 7.0.84, and my web app uses the Servlet 3.0 deployment descriptor. The web.xml file contains

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-08 Thread Christopher Schultz
Laurent, On 10/4/17 6:31 PM, Laurent Perez wrote: > Obviously I'm thinking about renaming the war but the rewriting is > really used, for example seo friendly urls like /bar/steps/1 > internally rewrite to /foo/somesubmodule/steps.jsp?step=1 and

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-05 Thread Mark Thomas
On 4 October 2017 23:31:36 BST, Laurent Perez <l.lauren...@gmail.com> wrote: >Thanks for the replies. The jsessionid/cookie tracking mode is not >really >part of the problem, sorry about that. > >Obviously I'm thinking about renaming the war but the rewriting is >reall

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-04 Thread Laurent Perez
Thanks for the replies. The jsessionid/cookie tracking mode is not really part of the problem, sorry about that. Obviously I'm thinking about renaming the war but the rewriting is really used, for example seo friendly urls like /bar/steps/1 internally rewrite to /foo/somesubmodule/steps.jsp?step

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-04 Thread tomcat
tomcat frontend. A "foo" war is deployed at /foo context path under tomcat. The /foo path is not public, apache has a rewrite rule defined as : /bar/* rewrites internally to /foo/*. I'm using jstl and its for every url in my jsps to gain the ;jsessionid from encodeURL whenever j

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-04 Thread tomcat
not public, apache has a rewrite rule defined as : /bar/* rewrites internally to /foo/*. I'm using jstl and its for every url in my jsps to gain the ;jsessionid from encodeURL whenever jsessionid cookie is not yet set (1st requests) Now my question is : the results in a "/foo/page.jsp;js

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-04 Thread Mark Thomas
ule defined as : /bar/* >>> rewrites internally to /foo/*. >>> >>> I'm using jstl and its for every url in my >>> jsps to gain the ;jsessionid from encodeURL whenever jsessionid >>> cookie is not yet set (1st requests) >>> > >addin

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-03 Thread Peter Kreuser
write as a tomcat frontend. A >> "foo" war is deployed at /foo context path under tomcat. The /foo >> path is not public, apache has a rewrite rule defined as : /bar/* >> rewrites internally to /foo/*. >> >> I'm using jstl and its for every url in my >&

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-03 Thread Christopher Schultz
e defined as : /bar/* > rewrites internally to /foo/*. > > I'm using jstl and its for every url in my > jsps to gain the ;jsessionid from encodeURL whenever jsessionid > cookie is not yet set (1st requests) > > Now my question is : the results in a > "/foo/pa

encodeURL, jsessionid and mod_rewrite ?

2017-10-03 Thread Laurent Perez
ps to gain the ;jsessionid from encodeURL whenever jsessionid cookie is not yet set (1st requests) Now my question is : the results in a "/foo/page.jsp;jsessionid=..." I want the result instead as /bar/pages.jsp;jsessionid= Should I go straight for a HttpServletResponseWrapper replacing e

Re: JSESSIONID changed without notice

2016-04-11 Thread Felix Schumacher
On Monday, 11.04.2016, at 10:22 +, Arno Schäfer wrote: > Hi Felix, > > thank you very much for that hint. > > > When a session gets 'authenticated' its id will change to prevent > > session fixation attacks. If you are interested in the events telling > > you the change you have two

Re: JSESSIONID changed without notice

2016-04-11 Thread Arno Schäfer
Hi Felix, thank you very much for that hint. > When a session gets 'authenticated' its id will change to prevent > session fixation attacks. If you are interested in the events telling > you the change you have two possibilities: ok, that explains what I see :-) > 1. Use servlet api 3.1 and

Re: JSESSIONID changed without notice

2016-04-09 Thread Felix Schumacher
an authentication and this is bound at the JSESSIONID. So the idea is, to canalize these requests to a filter and handle the necessary things, when a new session is created or destroyed. So during a create event I put the ID in a map and do some things and after the destroy I remove it from the map. So

JSESSIONID changed without notice

2016-04-07 Thread Arno Schäfer
Hi all, I have the following problem: we have a very old, some kind of complex webapp, that runs under tomcat 7.0.54 on Windows. I have to maintain some functionality and came to a point, what I can't understand. Some requests have to have an authentication and this is bound at the JSESSIONID

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-10-02 Thread Pottinger, Hardy J.
p.html From: Christopher Schultz [ch...@christopherschultz.net] Sent: Thursday, September 10, 2015 4:15 PM To: Tomcat Users List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, O

Re: Multiple JSESSIONID cookies being presented.

2015-09-11 Thread Christopher Schultz
ers@tomcat.apache.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Jeffrey, >> >> On 9/10/15 12:26 PM, Jeffrey Janner wrote: >>> Thanks for all the help guys. I think I'v

RE: Multiple JSESSIONID cookies being presented.

2015-09-11 Thread Jeffrey Janner
> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Thursday, September 10, 2015 12:01 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jeff

RE: Multiple JSESSIONID cookies being presented.

2015-09-11 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Thursday, September 10, 2015 2:24 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Mark, On 9/9/15 9:43 PM, Pottinger, Hardy J. wrote: > It doesn't matter which Authenticator is installed, they all behave > the same way. The user name from httpd is used to populate the > remote user name and the user principal and the user

RE: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, September 09, 2015 1:50 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
Hi, in helping a colleague diagnose another problem for another servlet, I was using PsiProbe, and I noticed that it has session diagnostics. Doh! I promptly fired up PsiProbe on my Tomcat server, returning to this JSESSIONID issue, and watched the session get created as part of a password

RE: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Caldarale, Charles R
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Multiple JSESSIONID cookies being presented. > I checked the error.jsp file and it does have session=true set, and if the > icon file > is missing, the error.jsp is definitely being sent. >

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
Hardy, On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote: > The session attribute we are creating to hold the flag to indicate > the session is "interrupted"... is not serializable... which I > think means that, when the new session is created as part

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
e: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote: > The session attribute we are creating to hold the flag to indicate > the session is "interrupted"... is not

Re: Multiple JSESSIONID cookies being presented.

2015-09-10 Thread Christopher Schultz
n" reference will be non-null. That will allow you to use session information in error.jsp if a session already exists, but not create a superfluous session when one does not (yet) exist. Back to Tomcat's session management: Tomcat *can* handle this situation properly: it will try all JSESSION

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
ng? It's simpler than you think. Tomcat really does nothing other than this after successful authentication: session.setSessionId(randomNewSessionId); The "new" session is in fact the same as the old session -- it just has a new identifier. The client will get a Se

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Pottinger, Hardy J.
Schultz [ch...@christopherschultz.net] Sent: Thursday, September 10, 2015 2:57 PM To: Tomcat Users List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/10/15 3:36 PM, Pottinger, Hardy J. wrote: >> p

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-10 Thread Christopher Schultz
s change ids. -chris > From: Christopher Schultz > [ch...@christopherschultz.net] Sent: Thursday, September 10, 2015 > 2:57 PM To: Tomcat Users List Subject: Re: seeking help with > stabilizing the persistence of a JSESSIONID > >

RE: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Jeffrey Janner
> -Original Message- > From: Igor Cicimov [mailto:icici...@gmail.com] > Sent: Tuesday, September 08, 2015 10:09 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > On 09/09/2015 7:13 AM, &q

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
st Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote: >> Are you using AJP or HTTP as your proxy protocol? If AJP, are >> you using tomcatAuthentication

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Christopher Schultz
Hardy, On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote: >> Are you using AJP or HTTP as your proxy protocol? If AJP, are >> you using tomcatAuthentication="false" on your ? I'm >> not exactly sure what happens when you do that... you might get >> a

RE: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Jeffrey Janner
> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Tuesday, September 08, 2015 4:58 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jose

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Mark Thomas
On 09/09/2015 21:30, Christopher Schultz wrote: > Hardy, > > On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote: >> Ha, sorry for the useless detail :-) > > It's no problem. Stymied by the effective use of class extension > features in an OO language. :) > Is that enough of a clue? >>> Ha ha ha,

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
day, September 09, 2015 > 3:09 PM To: Tomcat Users List Subject: Re: seeking help with > stabilizing the persistence of a JSESSIONID > > Hardy, > > On 9/9/15 3:54 PM, Pottinger, Hardy J. wrote: >> Well... it occurred to me that from time to time we happen to >> have stack t

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
Here is the web.xml for the main UI webapp https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/WEB-INF/web.xml Sent from my Zact Mobile phone. Mark Thomas wrote: On 09/09/2015 21:30, Christopher Schultz wrote: > Hardy, > > On 9/9/15 4:22 PM, Pottinger,

Re: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Christopher Schultz
ers@tomcat.apache.org> >> Subject: RE: Multiple JSESSIONID cookies being presented. >> >>> From: Jose María Zaragoza [mailto:demablo...@gmail.com] >>> Subject: Re: Multiple JSESSIONID cookies being presented. >> >>>> Thanks for the clarification of what

Re: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Christopher Schultz
e for /APP2, Tomcat will: > > a. Place a session identifier in the URL with value X b. Return a > Set-Cookie response header for JSESSIONID with value Y > > Where X != Y? >> So far, it looks like it is maintaining an X=Y philosophy. So >> that's a non-starter. Maybe we aren't co

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Christopher Schultz
of time ;) -chris > From: Christopher Schultz > [ch...@christopherschultz.net] Sent: Wednesday, September 09, 2015 > 3:09 PM To: Tomcat Users List Subject: Re: seeking help with > stabilizing the persistence of a JSESSIONID > > Hardy, > &

Re: Multiple JSESSIONID cookies being presented.

2015-09-09 Thread Jose María Zaragoza
che.org> >> Subject: RE: Multiple JSESSIONID cookies being presented. >> >> > From: Jose María Zaragoza [mailto:demablo...@gmail.com] >> > Subject: Re: Multiple JSESSIONID cookies being presented. >> >> > > Thanks for the clarification of what's supposed

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Christopher Schultz
> From: Pottinger, Hardy J. Sent: Wednesday, September 09, 2015 9:35 > AM To: Tomcat Users List Subject: RE: seeking help with stabilizing > the persistence of a JSESSIONID > > Hi, thanks for following up! No, no luck at all. The web > application I'm working with is based on Ap

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
:61) at java.lang.Thread.run(Thread.java:745) From: Pottinger, Hardy J. Sent: Wednesday, September 09, 2015 2:54 PM To: Tomcat Users List Subject: RE: seeking help with stabilizing the persistence of a JSESSIONID Well... it occurred to me that from time

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
/master/dspace-api/src/main/java/org/dspace/authenticate From: Christopher Schultz [ch...@christopherschultz.net] Sent: Wednesday, September 09, 2015 3:09 PM To: Tomcat Users List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID --

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-09 Thread Pottinger, Hardy J.
of a JSESSIONID Hi, thanks for following up! No, no luck at all. The web application I'm working with is based on Apache Cocoon 2.2, so, no JSPs in sight. I am actually weighing my options, I have a choice to either pursue making the current design work (i.e. try to get the session to stick around long

RE: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jeffrey Janner
> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:22 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:

RE: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Caldarale, Charles R
> From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Subject: Re: Multiple JSESSIONID cookies being presented. > > Thanks for the clarification of what's supposed to happen on receipt, Jose. > > However, I am describing what happens on first contact from the client

RE: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jeffrey Janner
> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:08 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
2015-09-08 22:57 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>: >> -Original Message- >> From: Jose María Zaragoza [mailto:demablo...@gmail.com] >> Sent: Tuesday, September 08, 2015 9:08 AM >> To: Tomcat Users List <users@tomcat.apache.org>

RE: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
che.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Jeffrey, >> >> On 9/4/15 12:37 PM, Jeffrey Janner wrote: >> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 w

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Jose María Zaragoza
che.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Jeffrey, >> > Now, it's been doing this since at least Tomcat 6, I have one running now, > and I've never had a pr

RE: Multiple JSESSIONID cookies being presented.

2015-09-08 Thread Igor Cicimov
s@tomcat.apache.org> > > Subject: Re: Multiple JSESSIONID cookies being presented. > > > > 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>: > > >> -Original Message- > > >> From: Christopher Schultz [mailto:ch...@chri

Multiple JSESSIONID cookies being presented.

2015-09-04 Thread Jeffrey Janner
at a login screen unique to the context and provided by it (not using container auth). When I connect to ROOT, no problem, but when I connect to APP2, I get 2 JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/". On the Windows implementations, we are

RE: Multiple JSESSIONID cookies being presented.

2015-09-04 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: Multiple JSESSIONID cookies being presented.

2015-09-04 Thread Christopher Schultz
ers@tomcat.apache.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> > Jeffrey, > > On 9/4/15 12:37 PM, Jeffrey Janner wrote: >>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but >>>> I'm also seeing this on Windows (versi

RE: Multiple JSESSIONID cookies being presented.

2015-09-04 Thread Jeffrey Janner
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 2:55 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-04 Thread Pottinger, Hardy J.
s List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote: >> Are you actually using HTTP Basic authentication? You may be >> configuring the wrong authen

Re: Multiple JSESSIONID cookies being presented.

2015-09-04 Thread Christopher Schultz
Java 7U51. > > I have 2 contexts installed in Tomcat, one is ROOT, the other > APP2. Both contexts start off at a login screen unique to the > context and provided by it (not using container auth). > > When I connect to ROOT, no problem, but when I connect to APP2, I >

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-04 Thread tomcat
On 03.09.2015 23:31, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote: Are you actually using HTTP Basic authentication? You may be configuring the wrong authenticator. (I know nothing about Shibboleth) I'm using

seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Pottinger, Hardy J.
ion. I can see the JSESSIONID cookie at step 1 above. At step 4, the JSESSIONID is new. In other words, the previous session (with the previous URL information) is discarded. I suspect that there is some setting for Tomcat7 I'm missing. Is there some way to tell Tomcat to allow these sessions

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Pottinger, Hardy J.
:12 AM To: users@tomcat.apache.org Subject: seeking help with stabilizing the persistence of a JSESSIONID Hi, I'm a committer for DSpace [1] (a Java servlet) and I'm working on a bug [2]. This bug presents with the following symptoms: 1) user searches site, finds an item of interest, attempts

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Christopher Schultz
ser is > returned to the home page of the site, instead of the item > previously requested > > DSpace stores the previously-visited URL in the session. I can see > the JSESSIONID cookie at step 1 above. At step 4, the JSESSIONID > is new. In other words, the previous sessio

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Pottinger, Hardy J.
Hi, Chris, thanks for the quick reply! Right now I'm just grasping at straws. If I can prove the JSESSIONID remains the same, and the previous URL is still lost, I'll have definitive proof that the application code is somehow at fault. Right now I have this gray area where it looks

RE: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Pottinger, Hardy J.
tz [ch...@christopherschultz.net] Sent: Thursday, September 03, 2015 12:00 PM To: Tomcat Users List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote: > Hi, I'm trying to disabl

Re: seeking help with stabilizing the persistence of a JSESSIONID

2015-09-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote: > Hi, I'm trying to disable session-fixation-attack protection on > our test server, and I've added the following valve to both my > application's context-fragment file, as well as the main >
